my SAX parser needs to read/write a file, therefore i set this permissions:grant{permission java.util.PropertyPermission "javax.xml.parsers.SAXParserFactory", "write";permission java.io.FilePermission "c:\\-", "read, write, delete";permission java.net.SocketPermission "*:1-", ...

Hi I am developing a client application that needs to access some protected resources on app servers (such as sending messages to a jms queue). The app server I am using is weblogic81, but my question is generic.Obviously, I got "access denied" exception if I don't do anything about security. ...

I'm currently designing the security portion of an application and it has been decided that all user information will be stored using a database. We also wish to store the policy file definition in the database as well in order to better protect it from intentional or unintentional editing / ...

I hit an error java.lang.NullPointerException when I try to access a https website.Just wondering if someone can assist:Coding:try{TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {public java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}public ...

I use jarsigner to sign a jar file with a self-signed entry in keystore.I think when verify this jar file,jarsigner will tell me to input the certificate path,the certificate is corresponding to the private key I used to sign,but jarsigner don't ask me to input any certificate.the document ...

>_<" : Hi All,I am very new in JAAS & new Java developer. I have successfuly authendicate users usingLoginModule But I don't know where and how to set the user's permission to controlthe access to certain URL.For Example:In our database there is a user info table called USER_AUTH. ...

Hi,I 'm new to this so please pardon me for asking such stupid question.I want to authenticate user before entering my Swing application. For this, I can design a userid and password screen. (easy stuff)How can I store the "encrypted" password in some file/ table and authenticate at the time ...

Hi, I am developing a web application, which uses the RSA SecureID solution. I need a way to communicate with the server or agent and I am looking for some sort of third party API. As I am unable to find anything on this topic, I request help from those who have worked on RSA ...

Hi,I've been thru the tutorial and written my own CallbackHandler but when debugging the handle method is never entered.Here's a code snippetLoginContext lc = null;try{ LocalCallbackHandler localCallbackHandler = new LocalCallbackHandler(user, pwd); lc = new LoginContext("LDAP", ...

whether the file selected exists after modifying the path of the selected file which is displaying in the textbox?

Are there any Java API's or classes for issuing certificates from Windows2003 Certification Authority. I have CA under Windows 2003 and I would liketo build Java application interface for issuing, verifying and revokingcertificates.Any help or technique appreciate.Regards,Kostadin ...

can some one help me in using jaas , where i have access only to web.xml not server.xml , please gimme a link or an example for using jaas please its vey ugent

Hi everybody....I am trying to sing files in my program, so I was watching the Signature class and I need a private key, I have a signed certificate by IPSCA and I want to sing the files using this certificate private key. How can I get this private key? I mean the certficiate private key, it ...

My application runs fine on windows. When I move it to Solaris , I get a KRBError code 68 -- and I can't find any infor on what that means. The root cause is "Identifier doesn't match expected value (906) " but I'm running the same login info that works on windows. Any guidance on what I'm ...

I have a large security problem. I am making applications and applets that need to connect to a database. If I hardcode the address, user, and password of the database someone can decompile the code (javap -c <class>) and get the information. If I place the information in a seperate ...

hi , i want to have form based or some other way of authentication for the users comming to my site , i have access only to web.xml , but in tomcat documentations its giveni need to change server.xml and tomcat-user.xml , can i make these changes on web.xml to implement it or please tell me way ...

Scenario:1. The client is a java application (not a web app).2. The EJB is stateless session3. The EJB has authorization information in the deployment descriptor - Declarative Security. (I don't want to use programmatic security).4. I want the client to invoke the EJB, and I want the ...

Using builtin default etypes for default_tkt_enctypesdefault etypes for default_tkt_enctypes: 3 1 16.Using builtin default etypes for default_tkt_enctypesdefault etypes for default_tkt_enctypes: 3 1 16.>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType>>> KrbAsReq ...

How to export private key file from jks keystore with j2se1.4.2 keytool?

Hi.Can I change authorization parameters in code?I found this:"1. Check whether there is an Authorization header. If there isno such header, go to Step 2. If there is, skip over the word“basic” and reverse the base64 encoding of the remaining part.This results in a string of the ...

I'm writing an application that contains portions of a CA. I'm able to successfully generate a CSR and have my "CA" certificate sign it, but can't seem to find out how to generate a PKCS #7 certificate chain from the signed certificate to complete the job. I've looked through the ...

Hello everyone.I writting you because a I have a big problem using ssl and client authenticate.I created a connector for the client connetions:<Connector port="9443" maxThreads="150" minSpareThreads="25" ...

I am developing an object pool and I am told to use JAAS authorization to authorize users to read/write/create the object pool. More specifically, some users, like managers, are able to read, write, and create the object pools, while some other users, like operators, can only read it. I have ...

Hu guys,I'm currently setting up a J2EE web-app to use Kerberos via HTTP (by using the jcifs-ext package, which uses JAAS and JGSS through the Negotiate protocol), but after an age of finding out how everything should be set up, I've hit a problem at what I think is the last stage.Basically ...

Hello,Even though there are several topics on this i could not avoid posting another on this. I followed all the steps which where there in the previous discussion of the same topic.My application which is installed in SunOne App server is accessing a https site. I got the trusted CA certs from ...

My understanding of TOmcat dcoumentation is as below:Tomcat web.xml config file can be set up to point to LDAP. Only thing I need to set up there is LDAP URL, LDAP root login/password(for searching LDAP).Having done that if I set up tomcat for basic authontication(will this work for ldap/AD) ...

Hi all.From my applet code when an URLConnection.getInputStream() method is called the browser hangs, if authentication is turned on the webserver.This works with jre 1.4.2 on linux, for the matter on windows with Jre1.5 also.Also it works on 1.5 if authentication is not set.So it is this ...

I have just developed a project named XtremePC.This well commented Java project involved RMI technology, can be used to control the server from anywhere in the world including features of listing running processes, file transfer, shutdown/logoff/lock/restart server PC, execute programs, ...

Hi, I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:I have implemented an EJB who's methods are protected through the deployment descriptor:<assembly-descriptor> ...

I'd like to know how to set the timeout for getting a ticket from the KDC. The default seems to be30 seconds, with 3 tries. This is really long and it exceeds what the application expects for a timeout for it's entire process.So, how is this value set? It would be preferrable to be able to ...

Hi!!!!,I need to create a VPN for comunicate two machines. For create a VPN, can i programming that with java?, o the VPNs are for the operating Systems and devices?.I am very confused with that. How can I to program a VPN with java?.Thanks and sorry for my little Enghish.Greeting from ...

Perhaps this is a simple request: I am developing an application in swing that permits the extension of the application through 'plugins' (remote jar/code that conform to a java interface). However, the issue it that I want to ensure that the code is not permitted to use network connections ...

Hi,How do we perform the X509Certificate authentication in java? Say I have the sender certificate(which contains its public key), the singed data, and its signature. How do i verify this against the root trusted CA in cacerts to make sure that this certificate was actually given by a CA that ...

Hi thereI need to generate a random series of characters and present them as an image when a user registers at my site - to prevent automatic registration (in the same way as Yahoo and Hotmail do, for example)Does anyone know of an open source ...

Hello,Can anyone tell me how to reverse the following code so that I can "undigest" the message?String someString = "whatever";MessageDigest md = MessageDigest.getInstance("MD5");byte[] bytes = someString.getBytes();byte[] digestedBytes = md.digest(bytes);How can I get the string back after the ...

Hi, I develop application working inside application serwer (JBoss 4). The application has functionality that requires usage of kryptographic keys for signing and decrypting data. My question is about concurrent access to such keystore, under heavy load, one key may be accessed from many ...

The following is from my LoginAction class:try{SecurityAssociationHandler handler = newSecurityAssociationHandler();SimplePrincipal user = new SimplePrincipal(username);handler.setSecurityInfo(user, password.toCharArray());LoginContext loginContext = new LoginContext("MySqlDBRealm", ...

Hello!I'm trying to use a smartcard to do some signing and this needs to be done using Java. I have read about the SUN PKCS#11 provider and thought that this would work. However as it turns out my card vendor refuses to provide me with a pkcs#11 .dll and without a dll the sun provider won't ...

Hi everybody,I have a question relative to the default java keystore,the cacerts. I'm trying to import/export certificates but i'm prompted for the keystore's password.I just installed jdk and i'm wasn't prompted for any such password. Is there a default password? anyones knows it or is ...

Hello,I have two private/public key pairs and certificate for a client/server program. It uses and relies on client side authentification via SSL.All this information is stored in two java keystores. Unfortunately the KeyStore class happens to be vendor depended an so are its keystore files ...

I am trying to use jce 1.2.2 in websphere application developer 5.1 testing server, when I use the jce functionality I get the errorjava.lang.SecurityException: Cannot authenticate JCE framework java.util.jar.JarException: jar:file:/C:/Program Files/IBM/WebSphere Studio/Application ...

Hello, I want to make an class that will check the user login name and password on a NT domain, the class will show a screen with 2 fields, username and password, and a combobox, with all domain names, on this screen the user will type his username and password and choose a domain to login to, ...

Hi,I don't understand those things very well, please be patient ...I want to call a method by reflection. In which class this method is, is unknown at compile time, only the method name and signature is known at that time.I want this method to have restricted access to the file system, but if ...

Hi, I want my applet to be able to read/write text files on a user's computer. eg apple/pc, ie/firefox/netscape.Anyway i've created a key, jar file, signed the jar file etc, and when I run my html page, I still get the security error."java.lang.Exception: java.security.AccessControlException: ...

Hi,I tried the GSS-API/Kerberos v5 authentication tutorial at http://java.sun.com/products/jndi/tutorial/ldap/security/gssapi.html . When I ran the code, I was able to authenticate using Kerberos but was unable to perform any JNDI operations because this line: ...

HELLOI need to know are there any api's to read a word document i.e a .doc file into a java program. If there r api where can i find them & how can i use them

I know it exists as I have seen it working, but does anyone have hte code that will allow me to retrieve the actual IP address of a computer, even if they are using socks or a proxy to try and disguse it? As I have seen it work and their is a way of retreiving the real IP address, but I dont ...

Hi,When a web-application uses "j_security_check" , where does it store the name of the original page requested by the user (the one to which user should be redirected after a successful login ) ?For example, assuming the following scenario:0) A web application contains a page "secret.html", ...

I would like to encrypt a file with one password, but allow many (all known ahead of time) passwords to decrypt the file. Is there a way to do this?

During a discussion about our project's security implemenation a difference of opinions occured over the nature of JAAS. I contended that it wasn't a declarative model in the sense of say EJB security or transactions. The opposing view was that the fact that JAAS builds a policy file for ...